403 Resource protected by organization SAML enforcement #1504

Closed
nibanks opened this issue Jan 20, 2022 · 4 comments · Fixed by ossf/scorecard-action#67
Labels
kind/bug Something isn't working

Comments

@nibanks

nibanks commented Jan 20, 2022

Describe the bug

I followed the steps here to add a scorecard action to microsoft/msquic with this PR. The Action passed on the PR.

After I merged the PR, the action failed though:

Event file: /github/workflow/event.json
Event name: push
Ref: refs/heads/main
Private repository: false
Publication enabled: true
Format: sarif
Policy file: /policy.yml
2022/01/20 20:05:01 repo unreachable: GET https://api.github.com/repos/microsoft/msquic: 403 Resource protected by organization SAML enforcement. You must grant your Personal Access token access to this organization. []
panic: repo unreachable: GET https://api.github.com/repos/microsoft/msquic: 403 Resource protected by organization SAML enforcement. You must grant your Personal Access token access to this organization. []

I just double checked my PAT and it exactly matches what is required per the setup instructions. What am I doing wrong? Is the Microsoft organization doing something special on push runs to prevent this from working?

The only difference on my end is that publication is disabled for PRs, but enabled on push to main. Does the above only execute when publication is enabled?

@nibanks nibanks added the kind/bug Something isn't working label Jan 20, 2022
@azeemshaikh38
Contributor

azeemshaikh38 commented Jan 20, 2022

Thanks for bringing this to our attention @nibanks. Is it possible that SAML authentication is enabled on your GitHub organization? If so, you'll need to follow the instructions here to give the right access to your PAT.

Let me know if that works. I did some preliminary digging to find this info.

@laurentsimon this is an interesting corner case. We should look into it and document it for the users.

@nibanks
Author

nibanks commented Jan 20, 2022

Ah, yes. The Microsoft org does use SSO. I just enabled that for the PAT and reran the latest workflow and it passed. So I'd definitely update the PAT instructions to note this edge case and how to fix for it.

Thanks!

@laurentsimon
Contributor

cc @olivekl

@azeemshaikh38
Contributor

Thanks for confirming @nibanks. @olivekl @laurentsimon assigning this to you both. Let's update the documentation before closing this issue.
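
One way to tell the failure in this thread apart from other 403 responses, as an added example that is not part of the issue or of the scorecard code base. The helper name `CheckSSO`, the organization name and the URL are assumptions for illustration; `X-GitHub-SSO` is the header GitHub's REST API sends when a token has not been authorized for a SAML SSO organization.

```go
package main

import (
	"fmt"
	"strings"
)

// SSOStatus reports what a GitHub API response says about SAML SSO.
type SSOStatus struct {
	Blocked      bool   // token must be SSO-authorized for the organization
	AuthorizeURL string // authorization URL from X-GitHub-SSO, if one was sent
}

// samlMessage is the error text from the log in this issue.
const samlMessage = "Resource protected by organization SAML enforcement"

// CheckSSO (hypothetical helper) classifies one API response. Pass
// resp.StatusCode, resp.Header.Get("X-GitHub-SSO") and the response body.
func CheckSSO(status int, ssoHeader, body string) SSOStatus {
	var st SSOStatus
	if status != 403 {
		return st // other statuses are not an SSO rejection
	}
	// Header form on rejection: "required; url=<authorization URL>".
	parts := strings.SplitN(ssoHeader, ";", 2)
	if strings.TrimSpace(parts[0]) == "required" {
		st.Blocked = true
		if len(parts) == 2 {
			rest := strings.TrimSpace(parts[1])
			if strings.HasPrefix(rest, "url=") {
				st.AuthorizeURL = strings.TrimPrefix(rest, "url=")
			}
		}
	}
	// Fall back to the message body when the header is absent.
	if strings.Contains(body, samlMessage) {
		st.Blocked = true
	}
	return st
}

func main() {
	// Constructed sample values; the organization name and URL are placeholders.
	hdr := "required; url=https://github.com/orgs/example-org/sso?authorization_request=PLACEHOLDER"
	body := `{"message":"` + samlMessage + `. You must grant your Personal Access token access to this organization."}`
	fmt.Printf("%+v\n", CheckSSO(403, hdr, body))
	fmt.Printf("%+v\n", CheckSSO(403, "", `{"message":"constructed non-SSO 403"}`))
}
```
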
